
STATIC WAN IP to LAN Allocation

TheGoob
VIP

Hello

 

Currently I have 5 (Usable) Static IPs. The Cisco FPR1010 has x.x.x.182 as its WAN IP and then Subnet 192.168.5.0 uses it for its Internet. I have my 4 other IPs directed via NAT, i.e. x.x.x.177 - x.x.x.181 to 192.168.5.177 - 192.168.5.181, but this allocates only 1 LAN to use it.

To better utilize my WAN IPs for various devices, can I assign (in the Cisco) an Interface (like GE 1/2 and so on) to have its own WAN (I mean, the FPR itself does) and then create a network like 192.168.2.0 for it, so I can plug in GE1/2 (assigned x.x.x.181) and then the Switch plugged in can use a 192.168.2.0 Address?

 

Or, if what I am saying is confusing, can I assign a static wan IP to an Interface then plug a switch in for a subnet/network (not the FPR1010 Itself).  


Can you elaborate more?

And a topology will be a big help.

MHM

TheGoob
VIP

Or, would I assign IP 192.168.2.1 (and make a DHCP server) to GE1/2 and then make a NAT x.x.x.181 to LAN Network 192.168.2.0?

balaji.bandi
Hall of Fame

You do not need to allocate a WAN IP to the device, since the provider already routed that block to you.

You just need to use a NAT entry for the new subnet to that Public IP.

BB


I don't fully get what you want to try here.

But if you have servers in a DMZ, then you can use the 4 public IPs for these servers.

In such a case you can control with an ACL what to allow and what not to allow.

MHM

Hi there

 

Well currently there is nothing set up specifically..

In my current setup, I have 5 WAN IPs and 1 Network, 192.168.5.0. My FPR1010 has the x.x.x.182 WAN IP, and all of 192.168.5.1 - 192.168.5.175 LAN use it as its Internet Address. I have currently set up NAT x.x.x.177 to x.x.x.181 to use 192.168.5.177 - 192.168.5.181 (which is out of the LAN Network DHCP) but I find that to be a waste as now only 1 Device can use that IP for its Internet Address.. It matters because I want to have 2 separate machines serving some stuff, but can't cause only (for example) 192.168.5.177 can use x.x.x.177 for its Internet IP. So, I want to create 5 more Networks and associate those WAN IPs to a NETWORK, not a specific IP. So I was initially asking how that was done, and I believe the answer was I simply NAT WAN IP to LAN NETWORK, not NAT WAN IP to LAN Specific IP. So now whatever plugs into said Interface will grab an IP off the network that is associated to that WAN IP as I will create DHCP servers per Interface. /me hoping I explained that correctly.

OR, On the FPR would I create the 5 Network/vlans and then TRUNK them onto one LAN Interface, and then on my SG500X Switch, create a TRUNK on an Interface and the same vlans and then assign whichever Interfaces on the 24 Ports to whatever vlan I want it to have.

 

ISP to SW, then connect your L3 devices, like a router and your FPR.
Each L3 device has its public IP and the FPR has its own,
then do NAT from the private networks connected to the L3 device to the public IP, and the same in the FPR.
You can put a SW and connect many devices.

The issue with this config is if the ISP uses DHCP or PPPoE, so you must ask them if you can connect multiple devices and have their DHCP server assign an IP to each device from your public IP range.
MHM

Ahh, I currently have my DSL in Bridge mode and do PPPoE on FPR.

Try connecting multiple L3 devices to the SW and connect the SW to your ISP; we will see that only one gets an IP and the others don't, or you are lucky and all get an IP from the DHCP server of the ISP.

But anyway, consider this point when you design your network.

Good luck, friend

MHM

Hello


@TheGoob wrote:
So, I want to create 5 more Networks and associate those WAN IP's to a NETWORK,

Absolutely you can.. The main premise of NAT is to "hide" private networks.


example:

Interface y/y
description WAN interface
ip address 10.1.1.181 255.255.255.248
ip nat outside
no shut

! Parent LAN interface, carrying the 802.1Q trunk towards the switch
Interface x/x
description LAN interface
no shut

! One subinterface (VLAN) per inside network
Interface x/x.101
encapsulation dot1q 101
ip address 192.168.1.1 255.255.255.0
ip nat inside

Interface x/x.102
encapsulation dot1q 102
ip address 192.168.2.1 255.255.255.0
ip nat inside

Interface x/x.103
encapsulation dot1q 103
ip address 192.168.3.1 255.255.255.0
ip nat inside

Interface x/x.104
encapsulation dot1q 104
ip address 192.168.4.1 255.255.255.0
ip nat inside

Interface x/x.105
encapsulation dot1q 105
ip address 192.168.5.1 255.255.255.0
ip nat inside

! One ACL per inside network, used to select the traffic to translate
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
access-list 103 permit ip 192.168.3.0 0.0.0.255 any
access-list 104 permit ip 192.168.4.0 0.0.0.255 any
access-list 105 permit ip 192.168.5.0 0.0.0.255 any

! One single-address pool per public IP; prefix-length matches the 255.255.255.248 WAN mask
ip nat pool 1 10.1.1.177 10.1.1.177 prefix-length 29
ip nat pool 2 10.1.1.178 10.1.1.178 prefix-length 29
ip nat pool 3 10.1.1.179 10.1.1.179 prefix-length 29
ip nat pool 4 10.1.1.180 10.1.1.180 prefix-length 29
ip nat pool 5 10.1.1.181 10.1.1.181 prefix-length 29

! PAT (overload) each inside network to its own public IP
ip nat inside source list 101 pool 1 overload
ip nat inside source list 102 pool 2 overload
ip nat inside source list 103 pool 3 overload
ip nat inside source list 104 pool 4 overload
ip nat inside source list 105 pool 5 overload

! Default route out of the WAN interface (y/y) via the ISP gateway
ip route 0.0.0.0 0.0.0.0 y/y 10.1.1.182

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
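
An added example, not part of Paul's post or of any Cisco tooling: a short Python check that a one-public-IP-per-subnet PAT plan like the one above is consistent (each public address is a usable host in the routed block, is not reused, and the inside subnets do not overlap) before it renders the matching IOS-style lines. The function name `build_pat_plan`, the `PLAN` sample and the reuse of the VLAN ID as the ACL number are assumptions for illustration; the pool prefix length is derived from the WAN interface mask.

```python
import ipaddress

def build_pat_plan(wan_interface, gateway, mappings):
    """Check a one-public-IP-per-inside-subnet PAT plan, then render IOS-style lines.

    wan_interface: outside address with prefix length, e.g. "10.1.1.181/29"
    mappings: list of (vlan_id, inside_subnet, public_ip) tuples
    Returns (config_lines, errors); config_lines is empty if any check fails.
    """
    wan = ipaddress.ip_interface(wan_interface).network
    gw = ipaddress.ip_address(gateway)
    errors, lines = [], []
    used_public, used_inside = set(), []
    if gw not in wan:
        errors.append(f"gateway {gw} is not inside {wan}")
    for pool_id, (vlan, subnet, public) in enumerate(mappings, start=1):
        inside = ipaddress.ip_network(subnet)
        pub = ipaddress.ip_address(public)
        # The translated address must be a usable host in the routed block.
        if pub not in wan or pub in (wan.network_address, wan.broadcast_address):
            errors.append(f"vlan {vlan}: {pub} is not a usable host in {wan}")
        if pub == gw:
            errors.append(f"vlan {vlan}: {pub} is the ISP gateway")
        # Sharing a public IP would merge two networks behind one address.
        if pub in used_public:
            errors.append(f"vlan {vlan}: {pub} is already used by another subnet")
        # Overlapping inside ranges make it ambiguous which ACL/pool matches.
        for other in used_inside:
            if inside.overlaps(other):
                errors.append(f"vlan {vlan}: {inside} overlaps {other}")
        used_public.add(pub)
        used_inside.append(inside)
        lines += [
            f"access-list {vlan} permit ip {inside.network_address} {inside.hostmask} any",
            f"ip nat pool {pool_id} {pub} {pub} prefix-length {wan.prefixlen}",
            f"ip nat inside source list {vlan} pool {pool_id} overload",
        ]
    return ([] if errors else lines), errors

# Constructed sample: the VLANs, subnets and placeholder addresses from the post above.
PLAN = [(100 + n, f"192.168.{n}.0/24", f"10.1.1.{176 + n}") for n in range(1, 6)]

if __name__ == "__main__":
    config, problems = build_pat_plan("10.1.1.181/29", "10.1.1.182", PLAN)
    print("\n".join(config or problems))
```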

Hello

 

Are these commands universal CLI, meaning will this work with FPR1010 as well? 

Hello
Apologies, I didn’t notice the routing device was an FP FW. Although the NAT in concept is the same, unfortunately the cfg will be different. You have the option to apply NAT via the FMC GUI or CLI - review 

Using either a FW or Rtr at your wan edge you should be able to accomplish your goal.



Kind Regards
Paul

I will look into this, as I said, my FPR1010 Is the receiver of all my Static WAN IP’s via PPPoE connected to a DSL Router via Bridge. The FPR is “the” 1st device in the link. It itself is x.x.x.182 which LAN 192.168.5.0 uses by default.

I simply am going to add NAT translations for the other 5 WAN IPs to their LAN NETWORKs, i.e. WAN x.x.x.177 will translate to LAN 192.168.1.0.

That seems all well and simple enough; my concern is, connecting the FPR to my SG500X Switch, does the FPR support TRUNK Ports so I do not need to run a cable for each network into the SG500X, or trunk it and create 5 vlans on the SG500X and have GE 1/1 on SG be the Trunk…. OR does FPR not support TRUNK and will have to run each Network (on FPR) to its vlan on the SG (SG would have to be in L2 mode I'm assuming if not trunked).

So, long short… I get my FPR set up all correctly… WAN IP to LAN Network… How do I get them to the SG500. Trunk or a cable per Network.

If you connect the ISP to the SG500 and then to other networks

Then

All must be in the same VLAN, so an access port for each device

MHM

ISP is connecting to FPR1010, which has x.x.x.182 WAN IP then 192.168.5.0 LAN. I want to “pass through” the 5 other Static WAN IPs to their own Networks, 192.168.1.0, 192.168.2.0 etc to the SG500X, and then depending on what vlan/ports a host connects to will determine its WAN IP. I guess my thinking is wrong on this.